6th European Conference - Academic Conferences
Rain Ottis
Last, but not least, it is very difficult to attribute these attacks to a state, as they can (seem to) be a true (global) grass roots campaign, even if there is some form of state sponsorship. Some states may take advantage of this fact by allowing such activity to continue in their jurisdiction, blaming legal obstacles or lack of capability for their inactivity. It is also possible for government operatives to “create” a “grass roots” Forum movement in support of the government agenda. (Ottis 2009)
2.3 Weaknesses
A clear weakness of this model is the difficulty of commanding and controlling the Forum. Membership is not formalized and often it is not even visible on the communication platform, because passive readers can just take ideas from there and execute the attacks on their own. This uncoordinated approach can seriously hamper the effectiveness of the group as a whole. It may also lead to uncontrolled expansion of conflict, when members unilaterally attack third parties on behalf of the Forum.
A problem with the loose network is that it is often populated with people who do not have experience with cyber attacks. Therefore, their options are limited to primitive manual attacks or preconfigured automated attacks using attack kits or malware. (Ottis 2010a) They are highly reliant on instructions and tools from more experienced members of the Forum.
The Forum is also prone to infiltration, as it must rely on relatively easily accessible communication channels. If the communication point is hidden, the group will have difficulties in recruiting new members. The assumption is, therefore, that the communication point can be easily found by both potential recruits and infiltrators. Since there is no easy way to vet the incoming members, infiltration should be relatively simple.
Another potential weakness of the Forum model is the presumption of anonymity. If the membership can be infiltrated and convinced that their anonymity is not guaranteed, they will be less likely to participate in the cyber militia. Options for achieving this can include “exposing” the “identities” of the infiltrators, arranging meetings in real life, offering tools that have a phone-home functionality to the members, etc. Note that some of these options may be illegal, depending on the circumstances. (Ottis 2010b)
3. The cell
Another model for a volunteer cyber force that has been seen is a hacker cell. In this case, the generic term hacker is used to encompass all manner of people who perform cyber attacks on their own, regardless of their background, motivation and skill level. It includes the hackers, crackers and script kiddies described by Young and Aitel (2004). The hacker cell includes several hackers who commit cyber attacks on a regular basis over extended periods of time. Examples of hacker cells are Team Evil and Team Hell, as described in Carr (2009).
3.1 Attributes
Unlike the Forum, the Cell members are likely to know each other in real life, while remaining anonymous to the outside observer. Since their activities are almost certainly illegal, they need to trust each other. This limits the size of the group and requires a (lengthy) vetting procedure for any new recruits. The vetting procedure can include proof of illegal cyber attacks.
The command and control structure of the Cell can vary from a clear self-determined hierarchy to a flat organization, where members coordinate their actions, but do not give or receive orders. In theory, several Cells can coordinate their actions in a joint campaign, forming a confederation of hacker cells.
The Cells can exist for a long period of time, in response to a long-term problem, such as the Israel-Palestine conflict. The activity of such a Cell ebbs and flows in accordance with the intensity of the underlying conflict. The Cell may even disband for a period of time, only to reform once the situation intensifies again.
Since hacking is a hobby (potentially a profession) for the members, they are experienced with the use of cyber attacks. One of the more visible types of attacks that can be expected from a Cell is website defacement. Defacement refers to the illegal modification of website content, which often includes a message from the attacker, as well as the attacker’s affiliation. The Zone-H web archive